- Security at CoinDCX is the most crucial requirement in all development.
- Our primary goal is to educate and create awareness about cybersecurity best practices on the Internet amongst our users and inform users about security offerings on the CoinDCX platform.
- Big things are in CoinDCX’s pipeline, and Akash won’t stop till CoinDCX is the global leader in user account and fund security.
While we’ve seen a boom in the cryptocurrency trading market in the recent past, we’ve also heard and seen the myriad security risks that have plagued crypto users.
How safe are our cryptos? Have we done everything we can to ensure safety, and are we unknowingly indulging in bad practices that make us susceptible to hackers on the internet? These are all valid and important questions to ask ourselves as traders, and this is exactly what we set out to answer on our recent YouTube Live “Let’s Talk Security”.
We brought on board Akash Mishra, Director of Security at CoinDCX to talk about all things security with our community in an interactive session hosted by Ramalingam Subramanian. Here’s an excerpt from this session if you missed it.
Ram: With so much happening in the cryptocurrency and blockchain market, how important is it for everyone to stay updated on security?
Akash: You are correct. Every day we hear stories about platforms and users getting hacked and millions of dollars being stolen by hackers by exploiting security vulnerabilities. Some of the largest exchanges have become a part of the Blockchain graveyard. Mt. Gox is a good example of this.
So no doubt, security is the most important aspect. A single mistake in security could mean the end of exchanges.
Ram: So I understand building secure exchanges is a given, however, we know the chain is as strong as its weakest link. How important is it for traders to also increase their security awareness and practices?
Akash: Yes, you are correct! The compromise can happen either at the Platform end or at the user end.
At the platform end, we are taking steps to ensure that we don’t introduce vulnerabilities into the platform. At the user end, we want to educate and create awareness so that they don’t fall victim to common security attacks. We have always been committed to educating our users and protecting their funds.
The introduction of these Let’s Talk Security sessions helps further strengthen our commitment. Our primary goal is to educate and create awareness about cybersecurity best practices on the Internet amongst our users and inform users about security offerings on the CoinDCX platform.
This will help us achieve the following goals:
- Education can help prevent users from falling victim to common security pitfalls, and help us inform users about security offerings on the platform and how to get the best value out of them.
- Create awareness about new attack vectors in the crypto industry (how to identify the vectors and protect yourself against them).
- List common security mistakes based on our experience/research with user behavior on the platform, and ways to avoid making such mistakes.
Ram: What are the common mistakes that users can avoid?
Akash: There are many common mistakes that emerge as regular patterns if you were to study past hacks:
- Not enabling 2FA, or sharing 2FA codes with others.
- Using a single password across multiple platforms.
- Sharing credentials with friends.
- Keeping credentials/2FA stored in plaintext on a computer, mobile, or email.
- Not enabling 2FA on the email account linked to the CoinDCX platform account.
Discuss the pros and cons of mobile text-based 2FA and Google Authenticator based 2FA.
Ram: How can one avoid scammers?
Akash: Always beware of “get rich quick” schemes. If anyone promises you unbelievable returns, get cautious. In the case of email/text communication, you can look at the source of the communication. Look for obvious mistakes in spelling and grammar. CoinDCX will never ask you to share your credentials with us. Our only official means of communication is through our support channel (https://support.coindcx.com). Do not reveal information about your CoinDCX account/portfolio in front of anyone. Don’t share information about your trading activity/account on CoinDCX with anyone. Don’t share OTPs with anyone. Always do your own research before investing in any venture. Don’t buy based on suggestions. It’s your hard-earned money that you are putting into the market.
CoinDCX Admins will never DM you. All communications will happen via Support Channels only. Internally as well, CoinDCX Support is the only authorized personnel to access user data and hence they are the only team that can respond to user queries.
Ram: Can you share with our audience some of the major compromises that have taken place over the years?
Akash:
- Recent scam via Twitter hack
- Mt. Gox
- Mark Zuckerberg + Twitter hack
Reference URL: https://magoo.github.io/Blockchain-Graveyard/
Ram: What are the best practices for users to follow?
Akash: There are some best practices which, if followed, significantly reduce the chance of getting hacked. This is true for any platform on the internet that we browse, not just CoinDCX.
- Applications should only be installed from official sources (for example, Google Play Store and App Store). Installing applications from an untrusted source is risky.
- Keep your device OS and applications updated with the latest security patches.
- Do NOT leave your device unattended. Do NOT plug untrusted accessories into your device.
- Use VPN software to establish a secure network connection.
- Follow good security practices like connecting to HTTPS websites. Check the URL of the platform in the address bar before providing credentials.
- Clear browsing session information when using devices that do not belong to you.
- Don’t use public Wi-Fi while using CoinDCX.
- Bookmark the URL https://coindcx.com/ and use the bookmark for accessing the platform.
- Regularly audit communication/account activity.
- The only medium of communication with CoinDCX is through the support channel https://support.coindcx.com.
- Using a password manager could be a good start. I would suggest that if you have more than 1000 USD in your account, then you can invest some money in getting a VPN connection/password manager.
- Don’t use rooted/jailbroken devices for accessing the CoinDCX app.
- Try Haveibeenpwned.com to check if your email ID has been compromised.
Ram: That’s interesting to know. I understand what users can do; what does an exchange like CoinDCX do to ensure safety and security?
Akash: Any crypto exchange should be developed with a security-first approach. As we have seen in the past, crypto exchanges and users are prime targets of cyber attacks because the ROI is higher for hackers in the case of cryptocurrency due to the decentralized nature of the tech, which also promises a decent level of anonymity. Educating users about cybersecurity best practices could be a good start. This gives users an idea of the security offerings present on the platform and how to get the best out of them. Education helps protect users not just on the CoinDCX platform but on the whole internet. We are doing these sessions inside our organization as well to keep everyone updated on what’s happening in the cybersecurity world.
Ram: Over the last few months, we have seen a lot of security improvements. A recent report by Mozilla also showed that CoinDCX is one of the highest-ranked exchanges in terms of security. A B- Rating is good, but I understand we are still building?
Akash: Yes, security is continuous work. We keep adding new security features to the platform. We have big security upgrades in the pipeline. Our goal is to provide military-grade security to our users and be the leaders not only in the Indian market but globally. We have multiple security upgrades in the pipeline which are being worked on as we speak.
Ram: That’s amazing to hear. A lot more changes to come in the future as well. Can you highlight a few?
Akash: We are working on a user activity stream, which is another feature we hope to push to prod soon. This will help a user keep track of all their account access related information from a single dashboard. Using this, users will be able to keep track of all the IPs they have accessed the platform from, the list of verified devices, etc. We are also going to introduce wallet whitelisting for withdrawals soon.
Ram: Security needs to be tested and as I understand we have now started a dedicated bug bounty program as well. Would you like to talk more about it?
Akash: Yes, we recently launched our bug bounty program. Having a bug bounty program ensures that your infra/platform is getting continuously tested for vulnerabilities by different security researchers, and you reward researchers for taking time and energy out and using their experience to help you fix vulnerabilities. It’s a win-win situation for both the organization and security researchers. We are awarding bounties up to 1000 USD for finding and reporting critical vulnerabilities to us. More details about the program can be found at https://coindcx.com/bug-bounty.
This bug bounty program is in addition to regular internal/external security audits that we perform on our platform.
Ram: Can you tell us about the new security upgrade on withdrawal that is being introduced?
Akash: The development of the new withdrawal flow is going according to our plan, and this will be live soon on our platform. The introduction of the withdrawal PIN will add one more layer of security checks on withdrawals to any wallet not whitelisted on the platform. We are also going to introduce the new user account activity page containing information on logins/withdrawals/deposits/any access related change like a 2FA mode change, etc. As I said, big things are in the pipeline, and we won’t stop till we are the global leaders in user account and fund security. We are going to have more sessions like this with our users who are new to the community and may not be aware of the security pitfalls.
We want to make their first steps into the crypto world as secure as possible.
CoinDCX takes the security of the digital assets and any private information stored within the platform very seriously. Our platform is built with industry-leading security protocols that are regularly tested for any violations. Our team is constantly auditing and building upon existing protocols to ensure that our security is up-to-date and impenetrable. CoinDCX uses geographically distributed cold wallets, DDoS protection, regular stress testing measures, and multi-signature authentication to ensure world-class security.